After college, I went to work at an IT consulting company as a technical consultant/software developer. We did custom development for large corporations, writing software based on the customer’s requirements. In addition, our company also sold proprietary portal software to these customers. I was working on a project where we made updates to the portal software that we already sold to a customer and installed in their environment. Also, I had access to their environment and could make updates whenever needed.

One day, while working on a new feature for the customer, I found a bug that had been there ever since the software was first installed. Even though the customer wasn’t aware of the bug, I knew that this was a serious bug that may cause a significant impact in the future. I thought about going into the customer’s environment and making changes myself without notifying the customer. In doing so, the credibility and reputation of our software would remain high. On the other hand, if I tell the customer about the bug and how it’s been in their system for past 2 years, they would lose confidence in our software and, furthermore, in our company. I didn’t know what to do. To make the situation more complex, the portal software was written by the management and they were very proud of it. If I tell them about the bug and how it’s been there ever since the software was written 7-8 years ago at the time, and that this bug is present in other customers’ portal as well, it would really embarrass the management in front of fresh consultants like myself. My dilemma was that I could just keep quiet and fix the bug without letting anyone know.

At the end, I decided to tell my manager and just follow what he would say. He was honest and told me to the fix the bug and notify the customer, and that’s what I did.

Contributed by SB.

To comment on this dilemma, leave a response.  For anonymity, omit your email address and website, and use a screen name.

About John Hooker

T. Jerome Holleran Professor of Business Ethics and Social Responsibility Tepper School of Business Carnegie Mellon University

4 responses »

  1. ZB says:

    There’s absolutely no issue with how SB handled the situation, which was to report the problem and notify the relevant people. But what if he fixed the bug without letting anyone know and achieved the seemingly optimal situation? Is it still ethical?

    It looks to me that it certainly passes the utilitarian test because the client is still confident, the management still feel good about themselves, the system is safer, and SB wouldn’t worry about being put in any potential disadvantages for exposing this embarrassing long-hidden bug. Seems like a win for all.

    If SB decides to secretly fix the bug and keep the issue to himself, the purposes behind his action would be two-fold: (1) to protect the company’s business from damaged client trust, and (2) to protect himself from getting into trouble for telling the truth. So if everyone in the same situation chooses to do the same, will SB still achieve his purposes? I think it is generalizable, as long as the client will never find out.

    But I don’t think it would pass the virtue test because it is an employee’s responsibility to report such issues to his/her supervisor. How to deal with the bug is a business decision that should not be made by SB alone. No matter what’s the purpose of not telling the truth, even if it’s for the good, it would be against the employee’s business ethics to withhold information.


  2. SW says:

    By applying the generalization test, I would say that to prevent more severe negative impact on company’s image by acting without the client’s permission, the technical consultant should not delete the bug at his own will even though he/she had the access to the environment. I would say that if SB went ahead and deleted the bug, it would be unethical according the generalization test.

    If we apply the utilitarian test, assuming that the odds of being caught by the client is 80%, the total net utility will not be increased if someone went ahead to delete the bug in the system. If the consultant gets away from being caught (with a probability of 20%) after getting rid of the bug by himself/herself, the company image will not be harmed. However, if the consultant deleted the bug without getting the permission from the client, there will be 80% that this action will not only harm the company’s image badly (even more severely comparing to admitting the mistake, the bug, in this case), but also lose the client’s trust for future business. Hence, getting the permission in advance will be ethical.

    Taking into account the virtue test (the integrity test), since the company has established business relationship with the client for three years, it is unethical to deceive the client and watch the client running into potential system failure without warning it.

    SB decided to tell his manager who told him the fix the bug and notified the customer. This behavior and action are ethical.


  3. KA says:

    I believe that SB’s dilemma is a typical dilemma that most of the software developers face during their professional careers. As a computer engineer myself, I found myself in similar situations. His manager acted in an ethical way by telling him to notify the customer. However, this is not always the case. If I was in SB’s shoes, then I would probably follow what my boss would say regardless of the fact that the action is ethical or not.

    If the utilitarian test is applied, it is essential whether the action goes unnoticed or not. The reputation of the company may be compromised if the customers recognize that the bug was fixed without their knowledge, thus the utility of the company will decrease. Customer’s utility will increase since the bug that may potentially cause system failures is resolved. On the other hand, fixing the bug will benefit the company’s image and credibility, hence its utility, if the customer does not observe SB solving the issue. Customer will not confront any possible inconveniences in the future with the resolution of this problem, so the utility of the customer will, again, increase.

    According to the generalization test, customers will eventually notice if every software company begins to fix the bugs of their installed systems. Then, credibility of the entire software industry will be at stake, most possibly leading to stricter quality assurance tests and supervision by auditing firms. This will result in increased costs for the whole industry.

    In terms of the virtue ethics test, the answer is crystal clear. The customer should be told about this issue and the bug has to be resolved.

    Therefore, the best course of action would be to fix the bug after telling the customer about it, which is exactly what SB did.


  4. John Hooker says:

    First, it is clear that the bug should be fixed, one way or another. Failure to fix it is a violation of implied (or explicit) warranty. When a product is sold, the seller warrants that it is fit for the purpose for which it was sold. This is part of the sales agreement, and violating an agreement merely for one party’s benefit is not generalizable.

    Whether you should fix it without first telling management depends on your company’s practices. If management would expect to be informed about such problems, then failing to inform them is deceptive and therefore not generalizable. It could also be seen as a violation of your employment contract because you acted without authority.

    There is another factor. A decision not to inform management is in effect a decision not to inform the customer, because once you tell the customer, your secret is out (or so I will assume). We have to decide if you have an obligation to tell the customer that you fixed the bug.

    This again depends on expectations. Software is routinely updated, and the customer is almost always informed when updates occur. So it would be deceptive not to tell the customer at least this much. This in effect informs your management about the update (or so I will assume), who will naturally ask why you are updating. At this point you are obligated to tell the truth.

    If my assumptions are correct, it appears that you are obligated to tell management about the bug, regardless of utilitarian considerations.


Leave a comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s